Vertical 17 — Non-Terrestrial Network

NTN SHIELD

Protecting AI agents where the atmosphere ends.
7 categories. 56 patterns. SPARTA mapped.
M300
Module
7
Detection Categories
56
Detection Patterns
140
Tests Passing
4
SPARTA TTPs
56
Detection Patterns
7
NTN Categories
140
Tests Passing
4
SPARTA TTPs
6
ATLAS Techniques

7 Detection Categories

Each category maps directly to an ASTRO BLASTER subsystem and carries SPARTA TTP and MITRE ATLAS references on every alert. Run individually per channel or all simultaneously via channel: "all".

M300-01 · ASTRO BLASTER: FEEDINJECT
Ground Station Feed Monitoring
Detects prompt injection arriving via satellite telemetry streams, Earth observation data feeds, and sensor data pipelines that AI agents process as trusted input. Catches instruction overrides, role hijacking, TLE manipulation, and AI context poisoning.
SPARTA IA-0001 AML.T0043 8 patterns
M300-02 · ASTRO BLASTER: ORBITAL
Orbital Routing Integrity
Detects reasoning manipulation and context drift in AI agents managing satellite positioning, constellation management, and routing decisions. Catches deorbit triggers, altitude overrides, beacon suppression, and orbital AI context exfiltration.
SPARTA EX-0002 AML.T0057 8 patterns
M300-03 · ASTRO BLASTER: GROUNDCHAIN
Ground-to-Orbit Trust Chain Guard
Detects trust chain attacks across ground-to-orbit links: agent impersonation, forged delegation chains, authentication bypass, orbital agent identity spoofing, command replay, and zero-knowledge trust abuse.
SPARTA IA-0001 SPARTA LM-0001 AML.T0056 7 patterns
M300-04 · ASTRO BLASTER: NTN_BOUNDARY
NTN MCP Boundary Protection
Detects MCP boundary exploitation in ground control software APIs: tool schema injection, prototype pollution, response poisoning, SSRF via tool call, tool name squatting, data exfiltration, and telecommand frame forgery.
SPARTA EX-0002 AML.T0051 8 patterns
M300-05 · ASTRO BLASTER: FIRMWARE
Satellite Firmware Supply Chain Monitor
Detects AI component supply chain attacks targeting satellite firmware and on-orbit inference systems: malicious model weights, trojaned LoRA adapters, update hijacking, hash mismatch, forced rollback, covert channels, and unsigned model deployment.
SPARTA LM-0001 AML.T0010 8 patterns
M300-06 · ASTRO BLASTER: SWARM_NTN
NTN 5G Agent Guard
Detects AI agent attacks via satellite-backed 5G NR-NTN interfaces. 3GPP Release 17+ NTN protocol anomaly detection: NAS message injection, network slice abuse, timing manipulation, beam hijacking, feeder link spoofing, and rogue AMF targeting.
SPARTA DE-0001 AML.T0043 8 patterns
M300-07 · ASTRO BLASTER: PERSIST
Space Agent Memory Protection
Detects cross-session memory persistence attacks and checkpoint manipulation in ground station AI infrastructure: checkpoint injection, cross-session persistence, memory exfiltration via downlink, malicious state rollback, hibernation-phase injection, and shadow memory writes.
SPARTA LM-0001 AML.T0044 7 patterns

Compliance Mapping

Every alert carries SPARTA TTP, MITRE ATLAS technique, and framework reference. Designed for space-domain security operations and AI security teams.

SPARTA
Space Attack Research and Tactic Analysis by The Aerospace Corporation. Primary space-domain adversarial framework. All 7 categories carry SPARTA TTP references on every detection.
MITRE ATLAS
Adversarial Threat Landscape for Artificial-Intelligence Systems. 6 ATLAS techniques mapped across all detection categories: AML.T0043, AML.T0051, AML.T0056, AML.T0057, AML.T0010, AML.T0044.
3GPP Release 17
NR-NTN Non-Terrestrial Network security specifications. NTN 5G Agent Guard covers 3GPP Release 17+ NTN protocol anomaly patterns for AI management agents.
NIST SP 800-53
Applicable controls for space systems: SA-12 (supply chain), SI-7 (software integrity), AC-17 (remote access). Referenced in all firmware and trust chain detections.

SIEM Integration

Every analysis is immediately available in three SIEM formats. All exports include triggered SPARTA TTPs, ATLAS techniques, risk score, and channel identifier.

Platform Format Endpoint Sourcetype
Splunk HEC JSON /api/v1/analyses/{id}/siem?fmt=splunk ai_shield:m300
Microsoft Sentinel CEF /api/v1/analyses/{id}/siem?fmt=sentinel NTN_AI_THREAT
IBM QRadar LEEF 2.0 /api/v1/analyses/{id}/siem?fmt=qradar AI Security Space/NTN

Verdict severity mapping:

BLOCK→ critical / 10 ALERT→ high / 7 MONITOR→ medium / 5 PASS→ low / 2

API Reference

FastAPI REST interface. Port 8300. All endpoints return JSON.

GET /api/v1/health — liveness check
GET /api/v1/status — module status, pattern counts, SPARTA refs, DB stats
POST /api/v1/analyse — analyse content across one or all 7 channels
GET /api/v1/analyses — list historical analyses
GET /api/v1/analyses/{id} — retrieve full analysis report
GET /api/v1/analyses/{id}/siem?fmt=splunk|sentinel|qradar — SIEM export
# Analyse a satellite telemetry event
curl -X POST http://localhost:8300/api/v1/analyse \
-H "Content-Type: application/json" \
-d '{
"content": "initiate de-orbit sequence for SAT-7",
"channel": "orbital_routing_integrity",
"source_id": "ground-station-alpha"
}'
# Returns: verdict BLOCK, risk 0.98, SPARTA EX-0002, ATLAS AML.T0057

Offensive Counterpart

NIGHTFALL TOOL 60 — ASTRO BLASTER

NTN Shield M300 is the direct defensive counterpart to ASTRO BLASTER — NIGHTFALL's NTN AI agent attack engine. Every detection category in M300 maps 1:1 to an ASTRO BLASTER subsystem. The same SPARTA TTPs used in offensive research inform every detection pattern.

ASTRO BLASTER: FEEDINJECT
→ ground_station_feed_monitoring
ASTRO BLASTER: ORBITAL
→ orbital_routing_integrity
ASTRO BLASTER: GROUNDCHAIN
→ ground_to_orbit_trust_chain_guard
ASTRO BLASTER: NTN_BOUNDARY
→ ntn_mcp_boundary_protection
ASTRO BLASTER: FIRMWARE
→ satellite_firmware_supply_chain_monitor
ASTRO BLASTER: SWARM_NTN
→ ntn_5g_agent_guard
ASTRO BLASTER: PERSIST
→ space_agent_memory_protection